LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: October 24th, 2014
Linux Security Week: October 20th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
RedHat: Updated kernel packages fix security Print E-mail
User Rating:      How can I rate this item?
Posted by Joseph Shakespeare   
RedHat Linux Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available.
- ---------------------------------------------------------------------
                   Red Hat Security Advisory

Synopsis:          Updated kernel packages fix security vulnerabilities
Advisory ID:       RHSA-2005:043-01
Advisory URL:      https://rhn.redhat.com/errata/RHSA-2005-043.html
Issue date:        2005-01-18
Updated on:        2005-01-18
Product:           Red Hat Enterprise Linux
Keywords:          taroon kernel security errata
Obsoletes:         RHSA-2004:689
CVE Names:         CAN-2004-1235 CAN-2004-1237 CAN-2005-0003
- ---------------------------------------------------------------------

1. Summary:

Updated kernel packages that fix several security issues in Red Hat
Enterprise Linux 3 are now available.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AS version 3 - athlon, i386, i686, ia32e, ia64, ppc64, ppc64iseries, ppc64pseries, s390, s390x, x86_64
Red Hat Desktop version 3 - athlon, i386, i686, ia32e, x86_64
Red Hat Enterprise Linux ES version 3 - athlon, i386, i686, ia32e, ia64, x86_64
Red Hat Enterprise Linux WS version 3 - athlon, i386, i686, ia32e, ia64, x86_64

3. Problem description:

The Linux kernel handles the basic functions of the operating system.

This advisory includes fixes for several security issues:

iSEC Security Research discovered a VMA handling flaw in the uselib(2)
system call of the Linux kernel.  A local user could make use of this
flaw to gain elevated (root) privileges.  The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-1235 to
this issue.

A flaw was discovered where an executable could cause a VMA overlap leading
to a crash.  A local user could trigger this flaw by creating a carefully
crafted a.out binary on 32-bit systems or a carefully crafted ELF binary
on Itanium systems.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0003 to this issue.

iSEC Security Research discovered a flaw in the page fault handler code
that could lead to local users gaining elevated (root) privileges on
multiprocessor machines.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-0001 to this issue. A patch
that coincidentally fixed this issue was committed to the Update 4 kernel
release in December 2004.  Therefore Red Hat Enterprise Linux 3 kernels
provided by RHBA-2004:550 and subsequent updates are not vulnerable to
this issue.

A flaw in the system call filtering code in the audit subsystem included
in Red Hat Enterprise Linux 3 allowed a local user to cause a crash when
auditing was enabled.  The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1237 to this issue.

Olaf Kirch discovered that the recent security fixes for cmsg_len handling
(CAN-2004-1016) broke 32-bit compatibility on 64-bit platforms such as
AMD64 and Intel EM64T. A patch to correct this issue is included.

A recent Internet Draft by Fernando Gont recommended that ICMP Source
Quench messages be ignored by hosts.  A patch to ignore these messages is
included.

Note: The kernel-unsupported package contains various drivers and modules
that are unsupported and therefore might contain security problems that
have not been addressed.

All Red Hat Enterprise Linux 3 users are advised to upgrade their
kernels to the packages associated with their machine architectures
and configurations as listed in this erratum.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.  Use Red Hat
Network to download and update your packages.  To launch the Red Hat
Update Agent, use the following command:

    up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

    http://www.redhat.com/docs/manuals/enterprise/

5. Bug IDs fixed (http://bugzilla.redhat.com/):

132245 - CAN-2004-1237 Kernel panic when stopping Lotus Domino 6.52
141996 - CAN-2004-1237 instant kernel panic from one line perl program - BAD
142091 - CAN-2004-1237 kernel oops captured, system hangs
142442 - CAN-2004-1237 kernel panic ( __audit_get_target)
143866 - CAN-2004-1237 kernel panic caused by auditd
144029 - LTC13264-Kernel errata from Dec 23 results in a DB2 shutdown.
144048 - CAN-2004-1237 kernel panic when Oracle agentctl is run
144134 - CAN-2004-1235 isec.pl uselib() privilege escalation
144784 - CAN-2005-0003 huge vma-in-executable bug

6. RPMs required:

Red Hat Enterprise Linux AS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3AS/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
09585d63de4e3997fbc784fb5c33de4e  kernel-2.4.21-27.0.2.EL.src.rpm

athlon:
8d10a00490ab122236ab19b7c37c2b84  kernel-2.4.21-27.0.2.EL.athlon.rpm
ea13d1cd096d82f86ac94954666ba4e7  kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
fb2768b0daea74a8e281a0379da9acec  kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
030e4934b0f5b2a3468a75c997026e0d  kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm

i386:
f6507cfbab30fd73803836fb887c0c8d  kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
12bc56400d22021e85a70bdb69b84334  kernel-doc-2.4.21-27.0.2.EL.i386.rpm
3f29e37a16ce9ef35fbf683ecc8b20b6  kernel-source-2.4.21-27.0.2.EL.i386.rpm

i686:
79ecf6ed92f8cd2433b80271ba861c7f  kernel-2.4.21-27.0.2.EL.i686.rpm
b93d7d1dd1083a6f5d88081d3ba56397  kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
1f98bad60e389265196988187709fb92  kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
0e01092ec850666c0d48b7d9647da582  kernel-smp-2.4.21-27.0.2.EL.i686.rpm
9d31f976f9c3fe393c712d3a54b6dbb3  kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
95ebdba782c14a84a0596140d5d1ef92  kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm

ia32e:
edcfd82ced3f308f042ec9f8b40009e2  kernel-2.4.21-27.0.2.EL.ia32e.rpm
90ccef47d359bf5476e4c08dbd1d6b0d  kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm

ia64:
e221a4ac3760081e44613498be953467  kernel-2.4.21-27.0.2.EL.ia64.rpm
5d11a56a9e01f16c1280e91f38783387  kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
852eae888c00bae5ef615841966ab3e8  kernel-source-2.4.21-27.0.2.EL.ia64.rpm
63ff55a139e19648bd9e2d8b6dd48e4a  kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm

ppc64:
ba9f26ba2b62b45c3b095ad27e788b36  kernel-doc-2.4.21-27.0.2.EL.ppc64.rpm
4adf67ea243913ece424045c696fe88d  kernel-source-2.4.21-27.0.2.EL.ppc64.rpm

ppc64iseries:
32860054d812bd958f7dd7067fd8d062  kernel-2.4.21-27.0.2.EL.ppc64iseries.rpm
b806c052dfdec4fd298b041ea6ae1ddd  kernel-unsupported-2.4.21-27.0.2.EL.ppc64iseries.rpm

ppc64pseries:
78e15c97f0bd6775837a5d17667a0b0d  kernel-2.4.21-27.0.2.EL.ppc64pseries.rpm
a1d9e58411aa72bac10782701579d9f4  kernel-unsupported-2.4.21-27.0.2.EL.ppc64pseries.rpm

s390:
965050540cc98a2d020bf96fec166a9b  kernel-2.4.21-27.0.2.EL.s390.rpm
dc258fbe8dfcdbe9991d83d5b9a2eaa6  kernel-doc-2.4.21-27.0.2.EL.s390.rpm
879eea09a534959b7566d826b7f6178f  kernel-source-2.4.21-27.0.2.EL.s390.rpm
867a209a3c7d0321ac7a730bb76f66b7  kernel-unsupported-2.4.21-27.0.2.EL.s390.rpm

s390x:
2f4704180201df5c9f4601d6388a2f1d  kernel-2.4.21-27.0.2.EL.s390x.rpm
e94480cab994b4578f36d5b52cbe8a18  kernel-doc-2.4.21-27.0.2.EL.s390x.rpm
82702da6b0a1f02ee75e35530d8cfa41  kernel-source-2.4.21-27.0.2.EL.s390x.rpm
b7d12fcf166bdc9918d14be2b9d7edae  kernel-unsupported-2.4.21-27.0.2.EL.s390x.rpm

x86_64:
dac6f69766a22574e1d5978af5075032  kernel-2.4.21-27.0.2.EL.x86_64.rpm
da18bda83431346943105d70cfbc2e5e  kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
6d06481fbc319fc03aeb01bf737b718d  kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
08a9f455342bc96538f77c89b5963cb6  kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
6bd8380a40e4adef8e23021856837d9b  kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
0d9930eac68e305502be14e97c26b4b7  kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm

Red Hat Desktop version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3desktop/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
09585d63de4e3997fbc784fb5c33de4e  kernel-2.4.21-27.0.2.EL.src.rpm

athlon:
8d10a00490ab122236ab19b7c37c2b84  kernel-2.4.21-27.0.2.EL.athlon.rpm
ea13d1cd096d82f86ac94954666ba4e7  kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
fb2768b0daea74a8e281a0379da9acec  kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
030e4934b0f5b2a3468a75c997026e0d  kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm

i386:
f6507cfbab30fd73803836fb887c0c8d  kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
12bc56400d22021e85a70bdb69b84334  kernel-doc-2.4.21-27.0.2.EL.i386.rpm
3f29e37a16ce9ef35fbf683ecc8b20b6  kernel-source-2.4.21-27.0.2.EL.i386.rpm

i686:
79ecf6ed92f8cd2433b80271ba861c7f  kernel-2.4.21-27.0.2.EL.i686.rpm
b93d7d1dd1083a6f5d88081d3ba56397  kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
1f98bad60e389265196988187709fb92  kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
0e01092ec850666c0d48b7d9647da582  kernel-smp-2.4.21-27.0.2.EL.i686.rpm
9d31f976f9c3fe393c712d3a54b6dbb3  kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
95ebdba782c14a84a0596140d5d1ef92  kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm

ia32e:
edcfd82ced3f308f042ec9f8b40009e2  kernel-2.4.21-27.0.2.EL.ia32e.rpm
90ccef47d359bf5476e4c08dbd1d6b0d  kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm

x86_64:
dac6f69766a22574e1d5978af5075032  kernel-2.4.21-27.0.2.EL.x86_64.rpm
da18bda83431346943105d70cfbc2e5e  kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
6d06481fbc319fc03aeb01bf737b718d  kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
08a9f455342bc96538f77c89b5963cb6  kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
6bd8380a40e4adef8e23021856837d9b  kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
0d9930eac68e305502be14e97c26b4b7  kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm

Red Hat Enterprise Linux ES version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3ES/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
09585d63de4e3997fbc784fb5c33de4e  kernel-2.4.21-27.0.2.EL.src.rpm

athlon:
8d10a00490ab122236ab19b7c37c2b84  kernel-2.4.21-27.0.2.EL.athlon.rpm
ea13d1cd096d82f86ac94954666ba4e7  kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
fb2768b0daea74a8e281a0379da9acec  kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
030e4934b0f5b2a3468a75c997026e0d  kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm

i386:
f6507cfbab30fd73803836fb887c0c8d  kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
12bc56400d22021e85a70bdb69b84334  kernel-doc-2.4.21-27.0.2.EL.i386.rpm
3f29e37a16ce9ef35fbf683ecc8b20b6  kernel-source-2.4.21-27.0.2.EL.i386.rpm

i686:
79ecf6ed92f8cd2433b80271ba861c7f  kernel-2.4.21-27.0.2.EL.i686.rpm
b93d7d1dd1083a6f5d88081d3ba56397  kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
1f98bad60e389265196988187709fb92  kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
0e01092ec850666c0d48b7d9647da582  kernel-smp-2.4.21-27.0.2.EL.i686.rpm
9d31f976f9c3fe393c712d3a54b6dbb3  kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
95ebdba782c14a84a0596140d5d1ef92  kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm

ia32e:
edcfd82ced3f308f042ec9f8b40009e2  kernel-2.4.21-27.0.2.EL.ia32e.rpm
90ccef47d359bf5476e4c08dbd1d6b0d  kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm

ia64:
e221a4ac3760081e44613498be953467  kernel-2.4.21-27.0.2.EL.ia64.rpm
5d11a56a9e01f16c1280e91f38783387  kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
852eae888c00bae5ef615841966ab3e8  kernel-source-2.4.21-27.0.2.EL.ia64.rpm
63ff55a139e19648bd9e2d8b6dd48e4a  kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm

x86_64:
dac6f69766a22574e1d5978af5075032  kernel-2.4.21-27.0.2.EL.x86_64.rpm
da18bda83431346943105d70cfbc2e5e  kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
6d06481fbc319fc03aeb01bf737b718d  kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
08a9f455342bc96538f77c89b5963cb6  kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
6bd8380a40e4adef8e23021856837d9b  kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
0d9930eac68e305502be14e97c26b4b7  kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm

Red Hat Enterprise Linux WS version 3:

SRPMS:
ftp://updates.redhat.com/enterprise/3WS/en/os/SRPMS/kernel-2.4.21-27.0.2.EL.src.rpm
09585d63de4e3997fbc784fb5c33de4e  kernel-2.4.21-27.0.2.EL.src.rpm

athlon:
8d10a00490ab122236ab19b7c37c2b84  kernel-2.4.21-27.0.2.EL.athlon.rpm
ea13d1cd096d82f86ac94954666ba4e7  kernel-smp-2.4.21-27.0.2.EL.athlon.rpm
fb2768b0daea74a8e281a0379da9acec  kernel-smp-unsupported-2.4.21-27.0.2.EL.athlon.rpm
030e4934b0f5b2a3468a75c997026e0d  kernel-unsupported-2.4.21-27.0.2.EL.athlon.rpm

i386:
f6507cfbab30fd73803836fb887c0c8d  kernel-BOOT-2.4.21-27.0.2.EL.i386.rpm
12bc56400d22021e85a70bdb69b84334  kernel-doc-2.4.21-27.0.2.EL.i386.rpm
3f29e37a16ce9ef35fbf683ecc8b20b6  kernel-source-2.4.21-27.0.2.EL.i386.rpm

i686:
79ecf6ed92f8cd2433b80271ba861c7f  kernel-2.4.21-27.0.2.EL.i686.rpm
b93d7d1dd1083a6f5d88081d3ba56397  kernel-hugemem-2.4.21-27.0.2.EL.i686.rpm
1f98bad60e389265196988187709fb92  kernel-hugemem-unsupported-2.4.21-27.0.2.EL.i686.rpm
0e01092ec850666c0d48b7d9647da582  kernel-smp-2.4.21-27.0.2.EL.i686.rpm
9d31f976f9c3fe393c712d3a54b6dbb3  kernel-smp-unsupported-2.4.21-27.0.2.EL.i686.rpm
95ebdba782c14a84a0596140d5d1ef92  kernel-unsupported-2.4.21-27.0.2.EL.i686.rpm

ia32e:
edcfd82ced3f308f042ec9f8b40009e2  kernel-2.4.21-27.0.2.EL.ia32e.rpm
90ccef47d359bf5476e4c08dbd1d6b0d  kernel-unsupported-2.4.21-27.0.2.EL.ia32e.rpm

ia64:
e221a4ac3760081e44613498be953467  kernel-2.4.21-27.0.2.EL.ia64.rpm
5d11a56a9e01f16c1280e91f38783387  kernel-doc-2.4.21-27.0.2.EL.ia64.rpm
852eae888c00bae5ef615841966ab3e8  kernel-source-2.4.21-27.0.2.EL.ia64.rpm
63ff55a139e19648bd9e2d8b6dd48e4a  kernel-unsupported-2.4.21-27.0.2.EL.ia64.rpm

x86_64:
dac6f69766a22574e1d5978af5075032  kernel-2.4.21-27.0.2.EL.x86_64.rpm
da18bda83431346943105d70cfbc2e5e  kernel-doc-2.4.21-27.0.2.EL.x86_64.rpm
6d06481fbc319fc03aeb01bf737b718d  kernel-smp-2.4.21-27.0.2.EL.x86_64.rpm
08a9f455342bc96538f77c89b5963cb6  kernel-smp-unsupported-2.4.21-27.0.2.EL.x86_64.rpm
6bd8380a40e4adef8e23021856837d9b  kernel-source-2.4.21-27.0.2.EL.x86_64.rpm
0d9930eac68e305502be14e97c26b4b7  kernel-unsupported-2.4.21-27.0.2.EL.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package

7. References:

http://marc.theaimsgroup.com/?m=109503896031720
http://www.isec.pl/vulnerabilities/isec-0021-uselib.txt
http://www.isec.pl/vulnerabilities/isec-0022-pagefault.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0003

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2005 Red Hat, Inc.
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Pro-Privacy Senator Wyden on Fighting the NSA From Inside the System
NIST to hypervisor admins: secure your systems
Quick PHP patch beats slow research reveal
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.